<?php
//include "../../app/dao/database.php";
// Start (or resume) the PHP session as soon as this file is included; the
// Login_Dao class below reads and writes $_SESSION.
// NOTE(review): no cookie parameters are set here. Confirm that HttpOnly and
// Secure are enabled for the session cookie in php.ini or via
// session_set_cookie_params() before this call.
session_start();

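/**
 * Session-based login helper built on the legacy ext/mysql API.
 *
 * NOTE(review): the mysql_* functions used here were deprecated in PHP 5.5
 * and removed in PHP 7.0. The class should be migrated to mysqli or PDO
 * prepared statements; that needs the Database wrapper's API, which is not
 * visible from this file.
 */
class Login_Dao{

    // Table and column names. They are concatenated into the SQL text as
    // identifiers and are never escaped, so they must only ever hold trusted,
    // hard-coded values (never request data).
    public $user_table = 'user';
    public $username = 'username';
    public $password = 'password';
    public $db;
    // user-level column (currently unused)
    //var $user_level = 'category';

    /**
     * @param Database $class_db Project database wrapper; this class only
     *                           calls $class_db->connect->connect() on it.
     */
    public function __construct(Database $class_db){
        $this->db = $class_db;
    }

    /**
     * Check a username/password pair and mark the session as logged in.
     *
     * NOTE(review): the supplied password is compared verbatim against the
     * password column inside the SQL statement. If that column holds
     * plaintext or a fast unsalted hash, move to password_hash() /
     * password_verify(). Confirm what the caller passes in.
     *
     * @param string $table    Table name, used only when $this->user_table is empty.
     * @param string $username Submitted user name (escaped by qry()).
     * @param string $password Submitted password (escaped by qry()).
     * @return bool True when a matching row was found, false otherwise.
     */
    public function login($table, $username, $password){
        $this->db->connect->connect();

        if ($this->user_table == "") {
            $this->user_table = $table;
        }

        $result = $this->qry(
            "SELECT * FROM " . $this->user_table . "
             WHERE " . $this->username . " = '?'
             AND " . $this->password . " = '?';",
            $username,
            $password
        );
        // mysql_fetch_assoc() yields false when no row matched.
        $row = mysql_fetch_assoc($result);

        if (is_array($row)
            && isset($row[$this->username], $row[$this->password])
            && $row[$this->username] != ""
            && $row[$this->password] != ""
        ) {
            // Rotate the session id on privilege change so an id that was
            // known before authentication cannot be reused afterwards
            // (session fixation).
            if (session_id() !== '') {
                session_regenerate_id(true);
            }
            $_SESSION['loggedinuser'] = $row[$this->username];
            // user-level support (currently unused)
            //$_SESSION['userlevel'] = $row[$this->user_level];
            return true;
        }

        // Failed attempt: drop whatever session state existed.
        session_destroy();
        return false;
    }

    /**
     * Run a query after escaping every extra argument (SQL-injection guard).
     *
     * Each "?" in $query is replaced, in order, by the corresponding extra
     * argument after mysql_real_escape_string(). That escaping protects only
     * placeholders written inside quotes ('?'); an unquoted placeholder
     * would not be safe. Because the template goes through sprintf-style
     * formatting, a literal "%" or "?" in the SQL text is not supported.
     *
     * NOTE(review): mysql_real_escape_string() depends on the connection
     * character set; confirm the connection sets it with mysql_set_charset().
     *
     * @param string $query SQL template; further arguments are the values.
     * @return resource|bool Result of mysql_query(). The script terminates
     *                       if the query fails.
     */
    public function qry($query) {
        $this->db->connect->connect();

        $values   = func_get_args();
        $template = str_replace("?", "%s", array_shift($values));
        $sql      = vsprintf($template, array_map('mysql_real_escape_string', $values));

        $result = mysql_query($sql);
        if (!$result) {
            // Keep the fail-stop behaviour, but send the driver's error text
            // to the server log instead of the HTTP response, where it would
            // disclose schema and query details to the client.
            error_log('Login_Dao::qry failed: ' . mysql_error());
            die('Database error.');
        }
        return $result;
    }

    /**
     * Log the current user out and redirect to index.php.
     *
     * Only the identity keys are removed; unrelated session data is kept.
     * This method does not stop the script, so the caller must not emit
     * protected content after calling it.
     */
    public function logout(){
        // Remove every identity key the getters read, not just the user name,
        // so getUserId() stops returning a value after logout.
        unset($_SESSION['loggedinuser'], $_SESSION['user_id']);
        // Retire the authenticated session id.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        header("location:index.php");
    }

    /**
     * Report whether any row's password column equals $logincode.
     *
     * NOTE(review): the lookup is not tied to a user name, so it succeeds
     * for any value that matches some account's stored password. Confirm
     * how callers obtain $logincode.
     *
     * @param string $logincode  Value matched against the password column.
     * @param string $user_table Table name, used only when the property is empty.
     * @param string $username   Column name, used only when the property is empty.
     * @param string $password   Column name, used only when the property is empty.
     * @return bool True when at least one row matched.
     */
    public function logincheck($logincode, $user_table, $username, $password){
        $this->db->connect->connect();

        if ($this->user_table == "") {
            $this->user_table = $user_table;
        }
        if ($this->username == "") {
            $this->username = $username;
        }
        if ($this->password == "") {
            $this->password = $password;
        }

        $result = $this->qry(
            "SELECT * FROM " . $this->user_table . "
             WHERE " . $this->password . " = '?';",
            $logincode
        );

        // Always return a boolean; mysql_num_rows() gives false on failure
        // and 0 when nothing matched.
        return mysql_num_rows($result) > 0;
    }

    /**
     * @return string|null User name stored in the session by login(), or
     *                     null when nobody is logged in.
     */
    public function getUserName(){
        return isset($_SESSION['loggedinuser']) ? $_SESSION['loggedinuser'] : null;
    }

    /**
     * NOTE(review): nothing in this class writes $_SESSION['user_id'];
     * presumably another component sets it. Verify.
     *
     * @return mixed|null Value of $_SESSION['user_id'], or null when unset.
     */
    public function getUserId(){
        return isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;
    }
}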
?>